Menu
I have a bucket called 'ben-bucket' inside that bucket I have multiple files. I want to be able to set permissions for each file URL. I'm not too sure but I'm assuming if I wanted URL for each file inside a bucket. My URL would be like this?
https://ben-bucket.s3.amazonaws.com/<file_name>
So basically, I want to set a public access to that URL. How would I do it? I tried this and it doesn't work
bucket = s3.Bucket('ben-bucket').Object('db.sqlite')
bucket.BucketAcl('public-read')
print bucket_acl
The code provided. db.sqlite is one of the files inside my bucket ben-bucket The code doesn't work. I want to be able to access the following URL publicly
https://ben-bucket.s3.amazonaws.com/db.sqlite
The code I provided doesn't set the permission to public-read.
744
You can use the NotPrincipal element of an IAM or S3 bucket policy to limit resource access to a specific set of users. This element allows you to block all users who are not defined in its value array, even if they have an Allow in their own IAM user policies.
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that contains the object. In the objects list, choose the name of the object for which you want to set permissions. Choose Permissions.
You can restrict access to objects in your bucket to specific IP address by attaching policy which contains allowed IP address range in the "Condition" statement.
By default, all objects in Amazon S3 are private. You can then add permissions so that people can access your objects. This can be done via:
If you wish to grant public access to your entire bucket, the simiplest option is to create a Bucket Policy like this (from Bucket Policy Examples]:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::MY-BUCKET/*"]
}
]
}
If you wish to grant public access only to a sub-directory within the bucket, use:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::MY-BUCKET/PATH/*"]
}
]
}
Yes, you could also set the permissions on each individual file. The code for that would be:
import boto3
s3 = boto3.resource('s3')
object = s3.Bucket('ben-bucket').Object('db.sqlite')
object.Acl().put(ACL='public-read')
Reference: Boto3 S3 access controls
101
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
